Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ssh certificate support #12281

Merged
merged 47 commits into from
Oct 11, 2020
Merged

Add ssh certificate support #12281

merged 47 commits into from
Oct 11, 2020

Commits on Aug 22, 2020

  1. Add ssh certificate support

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    60fb3ed View commit details
    Browse the repository at this point in the history

  2. Add ssh certificate support to builtin ssh

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    2dcb3f8 View commit details
    Browse the repository at this point in the history

  3. Write trusted-user-ca-keys.pem based on configuration

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    4cacc44 View commit details
    Browse the repository at this point in the history

  4. Update app.example.ini

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    3e928d0 View commit details
    Browse the repository at this point in the history

  5. Update templates/user/settings/keys_principal.tmpl 

    Co-authored-by: silverwind <me@silverwind.io>
    @42wim @silverwind
    42wim and silverwind committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    8d9989a View commit details
    Browse the repository at this point in the history

  6. Remove unused locale string

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    d5e5a40 View commit details
    Browse the repository at this point in the history

  7. Update options/locale/locale_en-US.ini 

    Co-authored-by: silverwind <me@silverwind.io>
    @42wim @silverwind
    42wim and silverwind committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    cd27073 View commit details
    Browse the repository at this point in the history

  8. Update options/locale/locale_en-US.ini 

    Co-authored-by: silverwind <me@silverwind.io>
    @42wim @silverwind
    42wim and silverwind committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    0ade115 View commit details
    Browse the repository at this point in the history

  9. Update models/ssh_key.go 

    Co-authored-by: silverwind <me@silverwind.io>
    @42wim @silverwind
    42wim and silverwind committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    8defaaf View commit details
    Browse the repository at this point in the history

  10. Add missing creation of SSH.Rootpath

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    2f10d27 View commit details
    Browse the repository at this point in the history

  11. Update cheatsheet, example and locale strings

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    3a198e4 View commit details
    Browse the repository at this point in the history

  12. Update models/ssh_key.go 

    Co-authored-by: zeripath <art27@cantab.net>
    @42wim @zeripath
    42wim and zeripath committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    1d0dea8 View commit details
    Browse the repository at this point in the history

  13. Update models/ssh_key.go 

    Co-authored-by: zeripath <art27@cantab.net>
    @42wim @zeripath
    42wim and zeripath committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    3e39a5c View commit details
    Browse the repository at this point in the history

  14. Update models/ssh_key.go 

    Co-authored-by: zeripath <art27@cantab.net>
    @42wim @zeripath
    42wim and zeripath committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    63b6bc9 View commit details
    Browse the repository at this point in the history

  15. Update models/ssh_key.go 

    Co-authored-by: zeripath <art27@cantab.net>
    @42wim @zeripath
    42wim and zeripath committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    c27e664 View commit details
    Browse the repository at this point in the history

  16. Update models/ssh_key.go

    @zeripath @42wim
    zeripath authored and 42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    aedeac0 View commit details
    Browse the repository at this point in the history

  17. Optimizations based on feedback

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    8f492ff View commit details
    Browse the repository at this point in the history

  18. Validate CA keys for external sshd

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    eacedf5 View commit details
    Browse the repository at this point in the history

  19. Add filename option and change default filename 

    Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.
    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    2e73472 View commit details
    Browse the repository at this point in the history

  20. Remove unneeded principalkey functions

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    b0ac111 View commit details
    Browse the repository at this point in the history

  21. Add blank line

    @42wim
    42wim committed Aug 22, 2020
    Configuration menu
    Copy the full SHA
    0f88094 View commit details
    Browse the repository at this point in the history

Commits on Aug 29, 2020

  1. Apply suggestions from code review 

    Co-authored-by: zeripath <art27@cantab.net>
    @42wim @zeripath
    42wim and zeripath authored Aug 29, 2020
    Configuration menu
    Copy the full SHA
    455982a View commit details
    Browse the repository at this point in the history

  2. Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option 

    This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.
    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    9ebfffd View commit details
    Browse the repository at this point in the history

  3. Rewrite principal keys file on user deletion

    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    b63e231 View commit details
    Browse the repository at this point in the history

  4. Merge branch 'master' into certificates

    @lafriks
    lafriks authored Aug 29, 2020
    Configuration menu
    Copy the full SHA
    6a16067 View commit details
    Browse the repository at this point in the history

  5. Use correct rewrite method

    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    6c65bb1 View commit details
    Browse the repository at this point in the history

  6. Set correct AuthorizedPrincipalsBackup default setting

    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    aa2c19f View commit details
    Browse the repository at this point in the history

  7. Rewrite principalsfile when adding principals

    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    27f64d0 View commit details
    Browse the repository at this point in the history

  8. Add update authorized_principals option to admin dashboard

    @42wim
    42wim committed Aug 29, 2020
    Configuration menu
    Copy the full SHA
    86f3af6 View commit details
    Browse the repository at this point in the history

Commits on Aug 31, 2020

  1. Merge remote-tracking branch 'origin/master' into 42wim-certificates

    @zeripath
    zeripath committed Aug 31, 2020
    Configuration menu
    Copy the full SHA
    5c03b58 View commit details
    Browse the repository at this point in the history

  2. Handle non-primary emails 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Aug 31, 2020
    Configuration menu
    Copy the full SHA
    a0d356d View commit details
    Browse the repository at this point in the history

  3. Add the command actually to the dashboard template

    @42wim @zeripath
    42wim authored and zeripath committed Aug 31, 2020
    Configuration menu
    Copy the full SHA
    c46bb5f View commit details
    Browse the repository at this point in the history

Commits on Sep 5, 2020

  1. Update models/ssh_key.go 

    Co-authored-by: silverwind <me@silverwind.io>
    @techknowlogick @silverwind
    techknowlogick and silverwind authored Sep 5, 2020
    Configuration menu
    Copy the full SHA
    ce8487a View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into certificates

    @techknowlogick
    techknowlogick authored Sep 5, 2020
    Configuration menu
    Copy the full SHA
    bc03f3a View commit details
    Browse the repository at this point in the history

Commits on Sep 6, 2020

  1. Merge remote-tracking branch 'origin/master' into 42wim-certificates

    @zeripath
    zeripath committed Sep 6, 2020
    Configuration menu
    Copy the full SHA
    fc5fa28 View commit details
    Browse the repository at this point in the history

  2. By default do not show principal options unless there are CA keys set… 

    … or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Sep 6, 2020
    Configuration menu
    Copy the full SHA
    012dfda View commit details
    Browse the repository at this point in the history

Commits on Sep 24, 2020

  1. allow settings when enabled

    @techknowlogick
    techknowlogick committed Sep 24, 2020
    Configuration menu
    Copy the full SHA
    98b8447 View commit details
    Browse the repository at this point in the history

Commits on Sep 27, 2020

  1. Merge branch 'master' into certificates

    @techknowlogick
    techknowlogick authored Sep 27, 2020
    Configuration menu
    Copy the full SHA
    e767b63 View commit details
    Browse the repository at this point in the history

  2. Fix typos in TrustedUserCAKeys path

    @42wim
    42wim committed Sep 27, 2020
    Configuration menu
    Copy the full SHA
    d9f8713 View commit details
    Browse the repository at this point in the history

  3. Allow every CASignatureAlgorithms algorithm 

    As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA
    @42wim
    42wim committed Sep 27, 2020
    Configuration menu
    Copy the full SHA
    1e3352d View commit details
    Browse the repository at this point in the history

Commits on Sep 29, 2020

  1. Update models/ssh_key.go 

    Co-authored-by: Lauris BH <lauris@nix.lv>
    @42wim @lafriks
    42wim and lafriks authored Sep 29, 2020
    Configuration menu
    Copy the full SHA
    5f42f3a View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into certificates

    @42wim
    42wim authored Sep 29, 2020
    Configuration menu
    Copy the full SHA
    66b99f7 View commit details
    Browse the repository at this point in the history

  3. Fix linting issue

    @42wim
    42wim committed Sep 29, 2020
    Configuration menu
    Copy the full SHA
    91d0d5b View commit details
    Browse the repository at this point in the history

  4. Merge branch 'master' into certificates

    @zeripath
    zeripath authored Sep 29, 2020
    Configuration menu
    Copy the full SHA
    8711842 View commit details
    Browse the repository at this point in the history

Commits on Sep 30, 2020

  1. Merge branch 'master' into certificates

    @zeripath
    zeripath authored Sep 30, 2020
    Configuration menu
    Copy the full SHA
    108a65e View commit details
    Browse the repository at this point in the history

Commits on Oct 1, 2020

  1. Merge remote-tracking branch 'origin/master' into 42wim-certificates

    @zeripath
    zeripath committed Oct 1, 2020
    Configuration menu
    Copy the full SHA
    0efcab0 View commit details
    Browse the repository at this point in the history

Commits on Oct 11, 2020

  1. Merge branch 'master' into certificates

    @techknowlogick
    techknowlogick authored Oct 11, 2020
    Configuration menu
    Copy the full SHA
    9a896de View commit details
    Browse the repository at this point in the history